Building network automation solutions

9 module online course

A friend has recently asked me for a solution that would disable the wireless interface on his SOHO router during the night. Two simple EEM applets later we had it working; I've also added a third applet to ensure the interface does not remain disabled after a router reload.

While applying an access-list has it's advantages, it's not the same as shutting down an interface. There are always different scenarios for every unique situation and having the ability to physically shut off a wireless interface on an access point based on time of day could be useful.

We have a router with two Ethernet WAN interfaces connecting us to two ISPs. One of the WAN connections is slower, but more reliable and provides us with static addresses; the other is much faster (cable modem), but only has a single IP address assigned by DHCP. So to make the most of both, we use route maps to push the majority of traffic that originates inside our network over the cable modem (through overloaded dynamic NAT) while reserving the other WAN for incoming traffic addressed to our static IPs (via static NAT to specific inside hosts).

Since the cable modem ISP is the default route for most traffic, we wanted the ability to fall back to the other WAN link if the cable modem network should go down. To address this, we track the DHCP-assigned route with "ip dhcp client route track" and we also use an SLA with RTR to monitor that link by ensuring we can ping that router. If we can't get packets through the cable modem link, the SLA setup takes the cable modem route out of circulation and all traffic get shunted over the other WAN link (again with overloaded dynamic NAT).

The cable modem ISP is pretty good about renewing leases, such that this router has been able to keep the same "dynamic" IP address for the past 4 years. This is fortunate, because the IOS doesn't seem to have a way to set the SLA to ping a DHCP-assigned gateway address and so we've had to statically configure the ISP's default gateway's IP address in our SLA config.

It all works very well, even though statically-configuring the router's IP in the SLA is less-than-ideal. Here's where the problem comes in, though:

Recently, the ISP renumbered their network, and assigned us a new IP address by DHCP. This of course caused the SLA stuff to break until we went in and changed the SLA config to ping the ISP's router's new address. Every time the ISP changes their network in the future, we'll have to do this again.

While this might be something that only comes up every year or two, it could also turn out to happen a lot more often (for example, if the ISP changes their policies on long-lived DHCP leases). So, my hope is to use IOS' EEM capabilities to automate the process of noticing that the DHCP-assigned default gateway has changed and then automatically update the SLA when that happens.

slightly OT for this IOS blog, but as David asked in the second response:-For cheap/plastic/non-industrial Access Points the easiest solution is a mains-plug-in-the-socket timeswitch, either rotary "peg-type" or digital. Don't forget summer/daylight changes or if less critical allow an extra couple of hours either way.More complex but scriptable is to switch the DC power lead to the Access Point via a suitable relay, maybe fed from a LPT port (and a Molex or Berg power conn for relay power: look for transistor relay-driver circuits on net) Linux+lptswitch will do it on an old 486, so its SSH-able and tcl-able, or you can simply script it locally. If the cheap access point is near (5-10metres) some server boxes with LPT ports this is easier than a headless-but-huge 1998 desktop on a shelf running ssh :)POE is really the way to do it for non-IOS devices IMHelectronicO(Gord as anon)

The author

Ivan Pepelnjak (CCIE#1354 Emeritus), Independent Network Architect at ipSpace.net, has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced internetworking technologies since 1990.